Overview

overview

10

Static

static

SecuriteIn...48.exe

windows7-x64

10

SecuriteIn...48.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    70s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-10-2022 12:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Trojan.PackedNET.1505.12146.16948.exe

  • Size

    2.5MB

  • MD5

    8f121ef56e6402c471c0a0e9dbb7f1df

  • SHA1

    cfedc01390dddaa538004e5e5ba5303e58ccd837

  • SHA256

    1478dd1a798dd70f503833edaa09b3ff8ae4cb1c4313fbc842686c0b1dd909ff

  • SHA512

    3c8aeb90a08e1138b1e4b98ea3d96222fa74e1aacaf4b50e7c0bb806f47b79cf7ea4b8d7d2cd8dbaab87171b9ade08b98c6b4566c02503de92e80e3acadc43e3

  • SSDEEP

    49152:C8BmdIe8LVUOE3krg44W2qRqguN/I7X3cvS7oS2H8:IONLrD84IqRHn3cvS0SM8

Score
10/10
redlinez2kdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

Z2K

C2

amrican-sport-live-stream.cc:4581

Attributes
  • auth_value

    8a9de6d1ef98f81da5a7e46825e88077

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.1505.12146.16948.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.1505.12146.16948.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3368
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2376

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2376-144-0x000000000BF80000-0x000000000BFF6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2376-143-0x000000000AFC0000-0x000000000AFFC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2376-140-0x000000000B500000-0x000000000BB18000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2376-148-0x000000000DF00000-0x000000000E42C000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2376-141-0x000000000AF60000-0x000000000AF72000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2376-147-0x000000000D800000-0x000000000D9C2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2376-138-0x0000000000000000-mapping.dmp

    Download

  • memory/2376-142-0x000000000B090000-0x000000000B19A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2376-146-0x000000000C320000-0x000000000C370000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2376-145-0x000000000C000000-0x000000000C01E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2376-139-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

    Download

  • memory/3368-137-0x000000003E2D0000-0x000000003E336000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3368-132-0x0000000000D00000-0x0000000000F84000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3368-136-0x00000000066E0000-0x0000000006702000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3368-134-0x00000000059B0000-0x0000000005A42000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3368-133-0x0000000005D10000-0x00000000062B4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3368-135-0x0000000005920000-0x000000000592A000-memory.dmp

    Filesize

    40KB

    Download